Things That Go Bump in the Net - PowerPoint PPT Presentation

Provided by: Kenn87

1
Things That Go Bump in the Net
  • Carey Williamson
  • Department of Computer Science
  • University of Calgary

2
Network Performance (Williamson)
  • Make the Internet go faster
  • Research area?
  • Wireless networks, Internet protocols, computer
    systems performance evaluation
  • Approach?
  • Experimental, simulation, analytical
  • Key challenges?
  • Citius, Altius, Fortius!
  • Performance, scalability, robustness

3
Network Traffic Measurement
  • Collect and analyze packet-level traces from a
    live network, using special equipment
  • Process traces, statistical analysis
  • Diagnose performance problems (network,
    protocol, application)

4
Talk Outline
  • Background: Networking 101
  • Network Traffic Measurement Basics
  • Selected Measurement Results
  • U of C Network Anomalies
  • Wireless Network Weirdness
  • Wrap-up and Questions

5
Internet Protocol Stack
  • Application: supports end-user services and
    network applications
  • HTTP, SMTP, DNS, FTP, NTP
  • Transport: end to end data transfer
  • TCP, UDP
  • Network: routing of datagrams from source to
    destination
  • IPv4, IPv6, BGP, RIP
  • Data Link: channel access, framing, flow/error
    control, hop by hop basis
  • PPP, Ethernet, IEEE 802.11b
  • Physical: transmission of bits

001101011...
6
Example: HTTP and TCP
  • Downloading a simple Web page

[Diagram: Web Client and Web Server exchanging SYN, SYN/ACK, ACK, YOUR DATA HERE, FIN, FIN ...]
7
Network Packet Structure
Layers: AL, TL, NL, DL, PL
Protocol Headers (Control Information) | Payload
Payload (User Level Data):
HTTP/1.0 200 OK Content-Type: text Content-Length: 4732
<html> Welcome to Sponge Bob's home page! <br> On this site, there are lots of fun activities for you: colouring pages, bath time singalongs, and more. <p> Please click <a> <href=./signup.html> here </a> to learn more about membership accounts and...
8
Network Packet Structure
Layers: AL, TL, NL, DL, PL
Protocol Headers (Control Information) | Payload
Transport Layer Header (e.g., TCP):
SrcPort 80 DstPort 2579 SeqNum 61842 ACK 3756812 Window 8192 Flags PA
Payload (User Level Data):
HTTP/1.0 200 OK Content-Type: text Content-Length: 4732
<html> Welcome to Sponge Bob's home page! <br> On this site, there are lots of fun activities for you: colouring pages, bath time singalongs, and more. <p> Please click <a> <href=./signup.html> here </a> to learn more about membership accounts and...
9
Network Packet Structure
Layers: AL, TL, NL, DL, PL
Protocol Headers (Control Information) | Payload
Network Layer Header (e.g., IP):
SrcIP 372.19.44.108 DstIP 136.159.99.114 Length 1500
Transport Layer Header (e.g., TCP):
SrcPort 80 DstPort 2579 SeqNum 61842 ACK 3756812 Window 8192 Flags PA
Payload (User Level Data):
HTTP/1.0 200 OK Content-Type: text Content-Length: 4732
<html> Welcome to Sponge Bob's home page! <br> On this site, there are lots of fun activities for you: colouring pages, bath time singalongs, and more. <p> Please click <a> <href=./signup.html> here </a> to learn more about membership accounts and...
10
Network Packet Structure
Layers: AL, TL, NL, DL, PL
Protocol Headers (Control Information) | Payload
DataLink Layer Header (e.g., WiFi, Ethernet):
Src 12BD07 AFB06E Dst 37F914 FDC108 CRC 0xFC147E
Network Layer Header (e.g., IP):
SrcIP 372.19.44.108 DstIP 136.159.99.114 Length 1500
Transport Layer Header (e.g., TCP):
SrcPort 80 DstPort 2579 SeqNum 61842 ACK 3756812 Window 8192 Flags PA
Payload (User Level Data):
HTTP/1.0 200 OK Content-Type: text Content-Length: 4732
<html> Welcome to Sponge Bob's home page! <br> On this site, there are lots of fun activities for you: colouring pages, bath time singalongs, and more. <p> Please click <a> <href=./signup.html> here </a> to learn more about membership accounts and...
11
Network Traffic Measurements
Protocol Headers (Control Information) | Payload
DataLink Layer Header (e.g., WiFi, Ethernet):
Src 12BD07 AFB06E Dst 37F914 FDC108 CRC 0xFC147E
Network Layer Header (e.g., IP):
SrcIP 372.19.44.108 DstIP 136.159.99.114 Length 1500
Transport Layer Header (e.g., TCP):
SrcPort 80 DstPort 2579 SeqNum 61842 ACK 3756812 Window 8192 Flags PA
Payload (User Level Data):
HTTP/1.0 200 OK Content-Type: text Content-Length: 4732
<html> Welcome to Sponge Bob's home page! <br> On this site, there are lots of fun activities for you: colouring pages, bath time singalongs, and more. <p> Please click <a> <href=./signup.html> here </a> to learn more about membership accounts and...
12
Example tcpdump Trace
Time      IP Source Addr -> IP Dest Addr    Size  Prot  SPort  DPort  TCP Data SeqNumber     TCP AckNum  Window     Flags

0.000000  192.168.1.201 -> 192.168.1.200      60  TCP    4105     80  1315338075 1315338075           0  win  5840  S
0.003362  192.168.1.200 -> 192.168.1.201      60  TCP      80   4105  1417888236 1417888236  1315338076  win  5792  SA
0.009183  192.168.1.201 -> 192.168.1.200      52  TCP    4105     80  1315338076 1315338076  1417888237  win  5840  A
0.010854  192.168.1.201 -> 192.168.1.200     127  TCP    4105     80  1315338076 1315338151  1417888237  win  5840  PA
0.014309  192.168.1.200 -> 192.168.1.201      52  TCP      80   4105  1417888237 1417888237  1315338151  win  5792  A
0.049848  192.168.1.200 -> 192.168.1.201    1500  TCP      80   4105  1417888237 1417889685  1315338151  win  5792  A
0.056902  192.168.1.200 -> 192.168.1.201    1500  TCP      80   4105  1417889685 1417891133  1315338151  win  5792  A
0.057284  192.168.1.201 -> 192.168.1.200      52  TCP    4105     80  1315338151 1315338151  1417889685  win  8688  A
0.060120  192.168.1.201 -> 192.168.1.200      52  TCP    4105     80  1315338151 1315338151  1417891133  win 11584  A
0.068579  192.168.1.200 -> 192.168.1.201    1500  TCP      80   4105  1417891133 1417892581  1315338151  win  5792  PA
0.075673  192.168.1.200 -> 192.168.1.201    1500  TCP      80   4105  1417892581 1417894029  1315338151  win  5792  A
0.076055  192.168.1.201 -> 192.168.1.200      52  TCP    4105     80  1315338151 1315338151  1417892581  win 14480  A
0.083233  192.168.1.200 -> 192.168.1.201    1500  TCP      80   4105  1417894029 1417895477  1315338151  win  5792  A
0.096728  192.168.1.200 -> 192.168.1.201    1500  TCP      80   4105  1417896925 1417898373  1315338151  win  5792  A
0.103439  192.168.1.200 -> 192.168.1.201    1500  TCP      80   4105  1417898373 1417899821  1315338151  win  5792  A
0.103780  192.168.1.201 -> 192.168.1.200      52  TCP    4105     80  1315338151 1315338151  1417894029  win 17376  A
0.106534  192.168.1.201 -> 192.168.1.200      52  TCP    4105     80  1315338151 1315338151  1417898373  win 21720  A
0.133408  192.168.1.200 -> 192.168.1.201     776  TCP      80   4105  1417904165 1417904889  1315338151  win  5792  FPA
0.139200  192.168.1.201 -> 192.168.1.200      52  TCP    4105     80  1315338151 1315338151  1417904165  win 21720  A
0.140447  192.168.1.201 -> 192.168.1.200      52  TCP    4105     80  1315338151 1315338151  1417904890  win 21720  FA
0.144254  192.168.1.200 -> 192.168.1.201      52  TCP      80   4105  1417904890 1417904890  1315338152  win  5792  A
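
Added example (not part of the original slides): a short Python pass over the trace rows above that recovers what a header-only monitor can say about one connection: payload bytes per sender, SYN to SYN/ACK delay, how the connection closed, and sequence ranges with no row in the listing. The function name and the reading of the two sequence columns as start and end are assumptions of this example.

```python
from collections import defaultdict

# The 21 rows from the slide's trace with "->" restored. Assumed field order:
# time src -> dst size prot sport dport seq_start seq_end ack "win" window flags
TRACE = """\
0.000000 192.168.1.201 -> 192.168.1.200 60 TCP 4105 80 1315338075 1315338075 0 win 5840 S
0.003362 192.168.1.200 -> 192.168.1.201 60 TCP 80 4105 1417888236 1417888236 1315338076 win 5792 SA
0.009183 192.168.1.201 -> 192.168.1.200 52 TCP 4105 80 1315338076 1315338076 1417888237 win 5840 A
0.010854 192.168.1.201 -> 192.168.1.200 127 TCP 4105 80 1315338076 1315338151 1417888237 win 5840 PA
0.014309 192.168.1.200 -> 192.168.1.201 52 TCP 80 4105 1417888237 1417888237 1315338151 win 5792 A
0.049848 192.168.1.200 -> 192.168.1.201 1500 TCP 80 4105 1417888237 1417889685 1315338151 win 5792 A
0.056902 192.168.1.200 -> 192.168.1.201 1500 TCP 80 4105 1417889685 1417891133 1315338151 win 5792 A
0.057284 192.168.1.201 -> 192.168.1.200 52 TCP 4105 80 1315338151 1315338151 1417889685 win 8688 A
0.060120 192.168.1.201 -> 192.168.1.200 52 TCP 4105 80 1315338151 1315338151 1417891133 win 11584 A
0.068579 192.168.1.200 -> 192.168.1.201 1500 TCP 80 4105 1417891133 1417892581 1315338151 win 5792 PA
0.075673 192.168.1.200 -> 192.168.1.201 1500 TCP 80 4105 1417892581 1417894029 1315338151 win 5792 A
0.076055 192.168.1.201 -> 192.168.1.200 52 TCP 4105 80 1315338151 1315338151 1417892581 win 14480 A
0.083233 192.168.1.200 -> 192.168.1.201 1500 TCP 80 4105 1417894029 1417895477 1315338151 win 5792 A
0.096728 192.168.1.200 -> 192.168.1.201 1500 TCP 80 4105 1417896925 1417898373 1315338151 win 5792 A
0.103439 192.168.1.200 -> 192.168.1.201 1500 TCP 80 4105 1417898373 1417899821 1315338151 win 5792 A
0.103780 192.168.1.201 -> 192.168.1.200 52 TCP 4105 80 1315338151 1315338151 1417894029 win 17376 A
0.106534 192.168.1.201 -> 192.168.1.200 52 TCP 4105 80 1315338151 1315338151 1417898373 win 21720 A
0.133408 192.168.1.200 -> 192.168.1.201 776 TCP 80 4105 1417904165 1417904889 1315338151 win 5792 FPA
0.139200 192.168.1.201 -> 192.168.1.200 52 TCP 4105 80 1315338151 1315338151 1417904165 win 21720 A
0.140447 192.168.1.201 -> 192.168.1.200 52 TCP 4105 80 1315338151 1315338151 1417904890 win 21720 FA
0.144254 192.168.1.200 -> 192.168.1.201 52 TCP 80 4105 1417904890 1417904890 1315338152 win 5792 A
"""

def summarize(trace):
    """Payload bytes per sender, unseen sequence ranges, SYN timing, close type."""
    nxt, syn = {}, {}
    out = {"bytes": defaultdict(int), "gaps": [], "close": None}
    for line in trace.strip().splitlines():
        f = line.split()
        ts, src, start, end, flags = float(f[0]), f[1], int(f[8]), int(f[9]), f[-1]
        if "S" in flags:
            syn["SA" if "A" in flags else "S"] = ts
        elif src in nxt and start > nxt[src]:
            out["gaps"].append((src, nxt[src], start))  # bytes the monitor never saw
        out["bytes"][src] += end - start
        # SYN and FIN each consume one sequence number (32-bit wrap is ignored here)
        nxt[src] = max(nxt.get(src, 0), end + int("S" in flags or "F" in flags))
        if out["close"] is None and ("F" in flags or "R" in flags):
            out["close"] = "RST" if "R" in flags else "FIN"
    out["syn_to_synack"] = round(syn["SA"] - syn["S"], 6)
    return out

if __name__ == "__main__":
    print(summarize(TRACE))
```

On the slide's rows this reports 75 request bytes, 10860 response bytes, a FIN close, and two server-side sequence ranges that have no row in the listing. Ranges like these are what a monitor that dropped packets would also produce, so they are worth checking before trusting any per-connection statistic.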
13
U of C Traffic Measurement
  • Continuous monitoring of U of C traffic on
    commercial Internet link
  • 24 months of data and counting
  • Specific measurement studies to date
  • TCP reset behaviour (Arlitt)
  • Network intrusion detection (Obied)
  • P2P traffic evolution (Madhukar)
  • Campus WLAN measurement study underway now in
    2006 with UCIT

14
Data Collection Methodology
  • Use tcpdump as network monitor on U of C campus
    Internet connection
  • Data collection started in September 2003
  • TCP/IP packet headers (SYN/FIN/RST)
  • 2 years of data available for analysis

[Diagram labels: Internet; Two 1.4 GHz PIII, 2 GB RAM, 140 GB Hard Disk; 100 Mbps Full Duplex; Campus Router; 1 Gbps Half Duplex; Monitor; UofC]
15
TCP Connection Analysis (1 yr)
[Plot: axis labels 2003, 2004]
M. Arlitt and C. Williamson, "An Analysis of TCP Reset Behaviour on the Internet", ACM Computer Communication Review, Vol. 35, No. 1, pp. 37-44, January 2005
16
U of C P2P Traffic Study
  • What proportion of U of C's Internet traffic is
    Peer-to-Peer (P2P) file sharing traffic, like
    KaZaA, BitTorrent, etc.?
  • (a) about 1%
  • (b) about 10%
  • (c) about 25%
  • (d) about 50%
  • (e) about 90%

?
Correct!
17
Network Activity (Sept/03-July/05)
[Plot: monthly time axis, Sep 2003 to Jul 2005]
18
Port Analysis Results
[Plot series: SSH, HTTP(c), SMTP, Unknown, MSSQL-S, HTTP(s); monthly time axis, Sep 2003 to Jul 2005]
19
Results for Transport-Layer Method
[Plot: monthly time axis, Jan to Dec 2004]
20
Wireless Media Streaming
Wireless Sniffer
21
Mobility Issues
Wireless Sniffer
22
Summary
  • Network traffic measurement is a useful technique
    for networking researchers
  • Much is known about the general characteristics
    of Internet traffic, but new surprises
    arise all the time
  • Internet traffic is changing and evolving
  • Network measurement is essential for
    understanding current/future Internet

23
Thank You!
  • For more information
  • Email carey_at_cpsc.ucalgary.ca
  • WWW www.cpsc.ucalgary.ca/carey
  • Credits UCIT, Martin Arlitt, Jean Cao
  • Questions?